Authenticated SMTP

Jump to

Authenticated SMTP Submission

IST is now supporting authenticated SMTP submission, a mechanism to let remote users send email via the CS department servers.

We recommend that users consider switching when using laptops or home computers to send mail from their @cs.ualberta.ca addresses. All modern mail clients should support authenticated SMTP.

The relevant settings for your mail client are as follows; See setup for configuration instructions.

SMTP Server
     smtp-auth.cs.ualberta.ca

SMTP Port
     465, only if using Outlook Express
     587, otherwise

Authentication
     Required (username, password)

Encryption
     Required (TLS) 

Back to top

What is Authenticated SMTP

SMTP, the Simple Mail Transport Protocol, is used to transfer mail from one mail server to another; it has also been used to submit mail from a user's mail client to a mail server for delivery. Historically, all mail servers accepted mail for all addresses, even if the server did not provide service to that address, and forwarded the mail to the appropriate location.

With an increasing volume of spam, this approach became untenable and mail server generally now only accept mail from (1) clients on their own IP networks or (2) for addresses that they serve. As a result, sending mail from a remote network with a local address to a remote user becomes problematic. For example, say you're a cs.ualberta.ca user visiting cs.ubc.ca, and you want to send mail to cs.utoronto.ca: the cs.ualberta.ca outbound mail server will reject your mail since it's not going to cs.ualberta.ca; you'd need to use cs.ubc.ca's outbound mail server to send the mail instead. And each time you change your location, you'd need to change the SMTP server you use!

Enter authenticated SMTP: if your "home" outbound mail server can make sure that you're authorized to send mail through it to third parties, even if you happen to be somewhere else, this problem goes away. This service has been provided by TST since January 2004, but with the introduction of greylisting to reduce spam volumes, sending mail through authenticated SMTP has required either (1) waiting for your IP address to be whitelisted by our firewall or (2) SSHing to access.cs.ualberta.ca. Also, some ISPs block access to SMTP's default port of 25 to require you to use their own mail server, which breaks authenticated SMTP.

SMTP submission, defined by RFC 2476, provides a secure mechanism for submitting email from your mail client to a mail server which you're authorized to use. You no longer have to worry about changing your server based on your location, waiting for your IP address to be whitelisted, SSHing to access.cs.ualberta.ca, or (in most cases) about an ISP blocking access to the mail server. Authenticated SMTP submission works by connecting on port 587 to a mail server, which then checks whether you're allowed to send mail through it based on your user ID and password; if so, your mail's accepted and retransmitted. Of course, we're only allowing encrypted connections so that your password is kept confidential.

Back to top

Setting up Authenticated SMTP

All mailers differ, but you'll need to set preferences for the outbound SMTP server to use SSL/TLS and your CS account ID and password. You will also need to specify that the outbound SMTP server should use port 587 (except if you're using Outlook Express, in which case you want 465) rather than the default of 25.

The IST Service Desk helpdesk has illustrated instructions for most major email clients; be sure to use the settings for your CS account:

SMTP Server
     smtp-auth.cs.ualberta.ca

SMTP Port
     465, only if using Outlook Express
     587, otherwise

Authentication
     Required (username, password)

Encryption
     Required (TLS)

Can I use Authenticated SMTP with my @ualberta.ca email?

Yes! Instructions for most major email clients are available from the AICT (formerly CNS) helpdesk.

Back to top